All features/Risk, materiality & the risk matrix
Phases 3–6 · PlanningFrom understanding the entity to a partner-signed audit approach.
Phases 3 to 6 turn understanding into an audit approach: inherent risk, control risk, a partner-locked materiality, and the risk matrix that decides — area by area — what the audit will actually do.
Understanding the entity, working paper by working paper.
The inherent-risk program covers the full planning suite: the planning meeting (for-profit and NFP templates), material accounting policies checked against the AASB standards, AI-categorised review of minutes, the big ASA 315 understanding-the-entity working paper with fraud risk under ASA 240, payroll and other laws and regulations, accounting estimates under ASA 540, planning analytics with auto-flagged movements, going concern under ASA 570, related parties, and the fraud-triangle analysis. AuditBot drafts responses from the data on file — the auditor rates every risk Low, Medium or High.
- Two presumed fraud risks are mandatory: revenue recognition (rebuttable, very high bar) and management override (never rebutted).
- Going concern indicators notify the partner immediately.
- Fraud risk questionnaires go to management, TCWG and finance via the client portal, cross-referenced for inconsistencies.
- Every Phase 3 working paper feeds the register automatically — assertions, ratings, partner agreement per line.
Controls, walkthroughs and IT — sized to the entity.
Control risk works from the entity's actual environment: governance and tone at the top, the risk-assessment process, monitoring controls with questionnaires routed by entity size, the financial reporting system, journal-entry controls, and controls over estimates generated from the Phase 3 estimates work. Walkthroughs trigger off a seven-point assessment, and IT is assessed at three complexity levels that scope what must be examined.
- Prior-year controls reliance runs three hard-stop questions per ASA 330 — any yes means re-test.
- Service organisations: Type 1 vs Type 2 report assessment before any reliance.
- Deficiencies are documented as they surface and carry to the summary.
Eight steps to four figures — then the partner locks it.
Materiality builds in sequence: who uses the financial statements, the entity profile, the benchmark (AI-suggested, auditor-chosen with rationale), the engagement risk rating, then overall materiality from a risk-based percentage range, performance materiality at 50–75%, trivial at 3–5%, and specific materiality for sensitive areas. The partner approves and locks all four figures — and any later change triggers a full downstream recalculation of thresholds and sample sizes.
- Both interim and final materiality calculations are supported.
- Specific materiality covers areas like director and related-party transactions.
Where the audit's scope is actually decided.
The risk matrix assembles itself from the inherent risk register, the control risk summary, the fraud work and IT findings: for every financial-statement area — inherent risk × control risk gives the risk of material misstatement, with assertions, significant-risk flags, and whether analytics suffice or detailed testing is required. AuditBot suggests the planned response per area; the auditor confirms; the partner signs.
- Sample-size parameters flow from materiality and the risk ratings.
- Nothing is tested “because the template had a tab for it” — scope follows risk.
| Area | RoMM | Planned approach |
|---|---|---|
| Revenue | High | Detailed testing |
| Trade debtors | Medium | Sampling + confirmations |
| Payroll | Low | Substantive analytics |
See it on your own engagements.
Start your firm free, or book a demo and we will walk you through the platform on a real audit file.
No credit card to start · Australian-resident data · Cancel anytime